CVE-2025-27466
BaseFortify
Publication date: 2025-09-11
Last updated on: 2025-11-04
Assigner: Xen Project
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xen | xen | From 4.13.0 (inc) to 4.17.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-395 | Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-27466 is a NULL pointer dereference vulnerability in the Xen hypervisor's Viridian code. It occurs during the updating of the reference Time Stamp Counter (TSC) area, which is part of how the hypervisor manages guest memory pages. This flaw can cause the hypervisor to crash or behave unexpectedly when handling certain guest operations. [1]
How can this vulnerability impact me? :
This vulnerability can lead to a Denial of Service (DoS) condition by causing the Xen hypervisor to crash or become unstable. In some cases, it may also allow privilege escalation, potentially compromising the entire host system running the affected Xen versions with Viridian extensions enabled. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2025-27466, you should apply the official patches provided in Xen Security Advisory XSA-472 (xsa472-1.patch, xsa472-2.patch, xsa472-3.patch). Additionally, you can disable the Viridian extensions 'reference_tsc' and 'stimer' on affected Xen versions (4.13 and newer) to prevent exploitation of this and related vulnerabilities. [1]